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Description 

The present invention relates to integrated circuit 
cards (hereinafter referred to as I C cards). 

The convenience of IC cards for multi-purpose 
usage, such as for banking, shopping, and travel ser- 
vices, etc., has encouraged a widespread use of 
these cards, which although having different nomen- 
clatures, for example, Smart Card or Chip-in Card, 
provide similar facilities. 

As explained in detail hereinafter, one form of pri- 
or art IC card contains a processor, i.e. a central proc- 
essing unit (CPU) and a memory, both packaged in a 
plastic plate as one body. The capacity of the memory 
might typically be 8K bytes, but such memory capaci- 
ty may not be sufficient when the facilities provided 
by the IC card are to be expanded. If a large capacity 
memory is required a separate optically readable 
memory may be provided on the card, as disclosed in 
EP-A-0147337, for example a laser memory as dis- 
closed in EP-A-01 3821 9. A laser memory can be writ- 
ten and read by laser light, similarly to a CD-ROM. 
The capacity of a laser memory can be several million 
bytes. 

An alternative form of IC card system has been 
considered, having a magnetic strip thereon, in which 
information recorded on the magnetic strip is read 
and handled by a processor separate from the inter- 
nal processor of the IC card. 

In such prior art systems, the internal processor 
of the card only reads and handles information stored 
in an internal memory of the card. 

According to the present invention there is provid- 
ed an I C card containing a processor, for communicat- 
ing with an external card-acceptance device, and an 
internal memory, connected to cooperate with the 
processor, for storing data to be accessed by the proc- 
essor, there being mounted on a surface of the card 
an external memory for storing further data, which 
further data is to be accessible only by way of the said 
external card-acceptance device, characterised in 
that the said internal memory includes a directory for 
storing respective addresses at which data files are 
stored in the external memory, and in that the said 
processor is provided with an external memory ac- 
cess program for enabling such a card-acceptance 
device to obtain, from the said directory, address in- 
formation necessary to enable the card-acceptance 
device to access such files in the external memory. 

In an embodiment of the present invention, the IC 
card is provided with an internal processor (CPU) 
which includes communication means for accessing 
an external auxiliary memory, provided integrally with 
the body of the IC card, by way of an external card- 
acceptance device. 

An IC card system embodying the present inven- 
tion desirably provides protection against illegal ac- 
cess to information in the external memory, and can 



advantageously provide an IC card system in which 
records relating to past access to information record- 
ed in the external memory (update history) can be 
easily obtained by an authorised user after verif ica- 
5 tion. 

Reference will now be made, by way of example, 
to the accompanying drawings, in which: 

Figure 1 is a perspective view of a conventional 
IC card; 

10 Figure 2 is a schematic diagram of the internal 

construction of an integrated circuit module; 
Figure 3 is a perspective view of an IC card of a 
system embodying the present invention; 
Figure 4 is a schematic diagram of an arrange- 

15 ment of devices in an IC card of a system em- 

bodying the present invention; 
Figure 5 is a schematic diagram of the general 
construction of devices mounted on and in an IC 
card for a system embodying the present inven- 

20 tion; 

Fig. 6 is a blockdiagram of an IC card system em- 
bodying of the present invention; 
Fig. 7 is a blockdiagram illustrating the principles 
of construction of an IC card for a system em- 

25 bodying the present invention; 

Fig. 8 is a block diagram for clarifying a write 
process performed in the IC card shown in Fig. 7; 
Fig. 9 is a block diagram for clarifying a read proc- 
ess performed in the IC card shown in Fig. 7; 

30 Figs. 1 0A and 1 0B display a general concept of a 

data processing system, including an IC card, em- 
bodying the present invention; 
Figs. 11Aand 11 Bare flowcharts of a process for 
each command, performed by a CPU in an IC 

35 card of a system embodying the present inven- 

tion; 

Fig. 12 is a detailed flow chart of the process "A" 
shown in Fig. 11B; 

Fig. 13 is a detailed flow chart of the process "B" 
40 shown in Fig. 11B; 

Fig. 14 is a detailed flow chart of the process "C" 
shown in Fig. 11B; 

Fig. 1 5 is a detailed flow chart of the process "D" 
shown in Fig. 11B; 
45 Fig. 16 is a detailed flow chart of the process "E" 

shown in Fig. 11B; 

Fig. 1 7 is a detailed flow chart of the process "F" 
shown in Fig. 11B; 

Fig. 18 is a detailed flow chart of the process "G" 
so shown in Fig. 11 B; 

Fig. 19 is a detailed flow chart of the process "H" 
shown in Fig. 11B; 

Fig. 20 is a detailed flow chart of the process "I" 
shown in Fig. 11B; 
55 Fig. 21 is a detailed flow chart of the process "J" 

shown in Fig. 11B; 

Fig. 22 is a schematic diagram of the general con- 
struction of devices mounted in and on an IC 
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card, particularly a memory history management 
part, of a system embodying the present inven- 
tion; 

Figs. 23A and 23B show a specific arrangement 
of the memory history management part shown 
in Fig. 22; and 

Figs. 24A and 24B illustrate a flow chart of read 
and write operations at an external memory 
(EM EM), and show an arrangement of related 
memories. 

Figure 1 is a perspective view of a conventional 
IC card. In Fig. 1, reference 1 represents an IC card. 
The IC card 1 contains an integrated circuit module 2 
comprising a processor (CPU) and an internal mem- 
ory (neither of which are shown). The CPU and the 
memory transmit and receive data to and from an ex- 
ternal card-acceptance device via a plurality of con- 
tacts 3. Fig. 1 shows the rear surface of the IC card; 
the front surface thereof has a variety of devices 
mounted thereon, such a display unit, a ten key unit, 
and so on. 

Fig. 2 is a schematic diagram of an internal con- 
struction of an integrated circuit module. The main 
components of the integrated circuit module 2 are the 
processor (CPU) 4 and the internal memory (I MEM) 
5. The (CPU) 4 provides an IC card access means 6 
and the memory, generally a main memory, provides 
a plurality of format areas 8; these format areas 8 also 
define a file 9. 

The internal memory access means (IMAM) 6 
sets up an operating system and is able to process an 
access of the IC card 1 to the external card accep- 
tance device. When the access is directed to the file 
9 in the memory 5, a search is first made of a directory 
7, which stores file numbers (Nos.). 

In Fig. 2, the memory (IMEM) comprises an IC 
memory, for example, an electronically erasable pro- 
grammable read only memory (EEPROM). The ca- 
pacity of the IC memory might typically be 8 K bytes. 
As previously mentioned, such a memory capacity is 
not sufficient to develop a versatile general-purpose 
IC card, and accordingly, in the prior art, a laser mem- 
ory card may be used as an accessory to the IC card. 
However, it is inconvenient to utilize a separate laser 
memory card with an IC card, despite the very large 
memory capacity of the laser memory card. 

In Fig. 3, an IC card of a system embodying the 
present invention is provided with an external mem- 
ory 11 mounted on the surface of the body of the IC 
card 10 to form a monolithic structure. The external 
memory 11 is adhered to the body of the IC card 10. 
As such, the external memory 11 is physically and 
logically separated from an integrated circuit module 
12. 

Figure 4 is a schematic diagram of an arrange- 
ment of devices in an IC card of a system embodying 
the present invention. The IC card 10 contains the 
processor (CPU) 4 and the internal memory (IMEM) 



5, i.e. a main memory, both incorporated in the inte- 
grated circuit module 12, i.e. an IC chip. The contacts 
(shown by Fig. 3 but not illustrated in Fig. 4) are used 
for data communication between the processor 4, to- 

5 gether with the internal memory 5, and the external 
IC card acceptance device. The external memory 
(EMEM) 11 does not perform data communication via 
the contacts 3, but communicates directly with the ex- 
ternal IC card acceptance means, as illustrated by a 

10 two-way arrow in Fig. 4. Note, identical components 
are generally represented by the same reference nu- 
merals or characters throughout the drawings. 

Figure 5 is a schematic diagram of the general 
construction of devices mounted on and in an IC card 

15 of a system embodying the present invention. The 
processor (CPU) 4 is provided with a program ROM 
which includes therein the internal memory access 
means (IMAM) 6 and external memory access means 
(EMAM) 23. The means (IMAM) 6 and means 

20 (EMAM) 23 are constituted by programs. 

The internal memory (IMEM) 5 is preferably a 
non- volatile memory, such as an EEPROM, and has 
a first directory 21 and a second directory 22 formed 
therein. The second directory 22 defines those format 

25 areas 8, of the file 9, that are allotted for the internal 
memory per se (main memory), and thus the second 
directory 22 is substantially the same as the directory 
7 shown in Fig. 2. The first directory 21, however, de- 
fines those format areas 8 of the file 9 that are allotted 

30 for use in accessing the external memory 1 1 . The for- 
mat areas 8, and format areas 18 (explained below) 
in the external memory 11, store user data relating to 
the IC card owner. 

The external memory 11 is composed of a pass- 

35 word area 1 7 and the format areas 18 setting up a file 
1 9. The password in the area 1 7 is used in an authen- 
tication check of the external memory 11 performed 
by the internal processor. 

The external memory (EMEM) 11 can have a 

40 memory capacity much larger than that of the internal 
memory (IMEM) 5, and accordingly, the external 
memory 11 may be an optical memory, such as a las- 
er memory, which may have a memory capacity of 
several M bytes even though small in size. 

45 Figure 6 is a block diagram of an IC card system 

embodying the present invention. In Fig. 6, the char- 
acters W CC" denote a conventional communication 
controller, 20 denotes an external IC card- 
acceptance device provided with a conventional 

so reader-writer for data communication with the IC card 
10, 24 an access unit for accessing the external mem- 
ory (EMEM) 11 via an interface 27, for example an 
optical reading and writing device, 26 a processor 
containing in particular a terminal EMAM, i.e. external 

55 memory access means, and 30 a terminal station, for 
example a personal computer 31 handling an applica- 
tion program (APL). 

In Fig. 6, a first logical system constituted by the 
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CPU 4 and the external memory (EM EM) 11 is isolat- 
ed from a second logical system constituted by the 
CPU 4 and the internal memory (MEM) 5, although 
the first logical system and the second logical system 
can be logically connected together by the external IC 
card acceptance means 20 via the respective inter- 
faces (27 and 3). Only data handled by the CPU 4 is 
sent to the external memory (EMEM) 11, and read 
and write operations for the external memory are car- 
ried out by using only addresses determined by the 
CPU 4. The CPU 4 executes the card EM AM program, 
and the IC card acceptance means (El AM) 20 (e.g. 
the reader- writer and reading and writing device) 
communicates with the CPU 4 and the EMEM 11. In 
the El AM 20, the processor (CPU) 26 executes a ter- 
minal EMAM program. The CPU (terminal EMAM) 26 
is supplied with a command by the aforesaid applica- 
tion program (APL), and in accordance with the kind 
of command, the CPU 26 selectively executes an in- 
ternal processing of the terminal EMAM, an access to 
the external memory 11, and an access to the CPU 4 
(device EMAM), and according to the result of this in- 
ternal processing and the result of the access, an ap- 
propriate response is returned to a personal comput- 
er 31 (application program). The CPU 4 (card EMAM), 
after recognition by the terminal EMAM 26 of a com- 
mand from the application program, is called by the 
terminal EMAM 26, if required by the resultant recog- 
nition, and the CPU 4 then executes a command giv- 
en by the terminal EMAM. The result of this command 
execution is returned to the terminal EMAM. 

When using the IC card 10, security must be tak- 
en into consideration, particularly the security of data 
stored in the external memory (EMEM) 11 . Otherwise 
the contents of the EMEM 11 could be easily stolen 
by a third party, because the EMEM 11 is exposed 
outside the body of the IC card 1 0. 

Figure 7 is a block diagram showing the principles 
of construction of an IC card of a system embodying 
the invention. The IC card of Fig. 7 is designed to take 
security into consideration. In Fig. 7, the IC card 10 
having a security function is comprised of the afore- 
said external memory (EMEM) 11 , an address holding 
means 44 for holding addresses of the files 19 stored 
in the EMEM 11, a cryptograph management informa- 
tion memory means 45 for storing the cryptographic 
management information used for enciphering data 
and for deciphering the ciphered data, a write proc- 
essing means 43, a first read processing means 41 
and a second read processing means 42. The means 
41, 42 and 43 are functions of the CPU 4, and the 
means 44 and 45 are contained in the internal mem- 
ory (IMEM) 5, e.g. a main memory. 

The write processing means 43 operates upon re- 
ceipt of a write command WC, and the corresponding 
write data WD, to encipher the said write data WD with 
reference to the cryptograph management informa- 
tion, to search for the corresponding address AD of 



the external memory (EMEM) 11, at which the enci- 
phered write data CWD is to be written, by referring 
to the address holding means 44, and to send the en- 
ciphered write data CWD and the corresponding ad- 

5 dress AD to the external card- acceptance device 20. 
The first read processing means 41 operates 
upon receipt of a first read command RC1, and the 
corresponding individual file number FN of the file 1 9, 
to search for the corresponding read address RA, re- 

10 lated to the given file number, by referring to the ad- 
dress holding means 44, and to send that read ad- 
dress RA to the card-acceptance device 20. 

The second read processing means 42 operates 
upon receipt of a second read command RC2 and a 

15 ciphered read data CRD, to decipher the said enci- 
phered read data CRD by referring to the crypto- 
graphic management information, and to send the 
thus deciphered read data DRD to the card- 
acceptance device 20. 

20 The address holding means 44 is contained in the 

internal memory, and specifies a new area in the file 
9 with reference to a vacant area in the first directory 
21. 

Note, the means 45 (Fig. 7) has various keys and 
25 a ciphering algorithm, commonly known as a W DES" 
(Data Encryption System proposed by IBM). 

Figure 8 is a block diagram for clarifying a write 
process performed in an IC card of Fig. 7. For exam- 
ple, when writing data in the external memory 
30 (EMEM) 11, the following process is carried out: 

(I) the given write command WC and the corre- 
sponding write data WD are sent to the IC card 
10; 

(II) the enciphered write data CWD and the cor- 
35 responding address AD for writing in the external 

memory (EMEM) 11 are obtained and sent from 
the IC card 1 0 to the card acceptance device 20; 
and 

(III) the enciphered write data CWD is written in 
40 the EMEM 11. 

Figure 9 is a block diagram for clarifying a read 
process performed in an IC card of Fig. 7. For exam- 
ple, when reading data from the external memory 
(EMEM) 11, the following process is carried out: 
45 (I) the first read command RC1 and the corre- 

sponding individual file number FN are sentto the 
IC card 10; 

(II) the corresponding read address AD for the ex- 
ternal memory 11 is found by searching the ad- 

50 dress holding means 44 and then that address is 

sent from the IC card 10 to the card-acceptance 
device 20; 

(III) the enciphered read data CRD is obtained, by 
using the said read address AD, from the external 

55 memory 11; 

(IV) the enciphered read data CRD from the ex- 
ternal memory 11 is sent to the IC card 10 with a 
second read command RC2; and 



4 



7 



EP 0 330 404 B1 



8 



(V) deciphered read data DRD is sent from the IC 

card, in response to the second read command 

RC2. to the card-acceptance device 28. 

Figures 1 0A and 10B display a general concept of 
a data processing system including an IC card of a 5 
system embodying the invention. Figure 1 0A shows 
the IC card 10 and Fig. 10B shows the external IC 
card acceptance means 20 together with the terminal 
station 30, e.g. a personal computer. In Fig. 10A, ref- 
erence numeral 61 denotes a reset processing 10 
means, 62 a personal identification number (PIN) ver- 
ification processing means, 63 a card authentication 
(AC) processing means, 64 a file open processing 
means, 65 an E (abbreviation of EMEM 11) write 1 
processing means, 66 an E write 2 processing means, 1 s 
67 an E read 1 processing means, 68 an E read 2 
processing means, and 69 a file close processing 
means. Note, in Fig. 10B, C and R represent a com- 
mand block and a response block, respectively. 

The internal memory 5, e.g. a main memory 20 
(IMEM), holds system directory/system information, 
PIN management information, card issuer identifica- 
tion (ID) management information, card AC manage- 
ment information, APL-ID management information, 
system AC management information, cryptograph 25 
management information, i.e. keys for drafting a cryp- 
tograph or deciphering the cryptograph, an EMAM 
(external memory access means) directory, external 
memory (EMEM) management files, and so on. The 
personal identification number (PIN) is a secret code 30 
for confirming whether or not the user of the IC card 
is an entitled user. The PIN is registered in the IC card 
and, when the IC card is used, the PIN is checked for 
verification with the secret code input by a user. The 
IC card is not activated until the PIN verification is 35 
satisfied, whereby the IC card is able to access the 
system (20, 30). A variety of PIN's exist, such as a 
card manufacturer PIN, a transport PIN, card issuer 
PIN, an own PIN, and so on. The card issuer ID man- 
agement information is, for example, a name of a 40 
bank, a bank code, a card issuing date, a card issu- 
ance number, and so on. The authentication code 
(AC) is composed of data or an algorithm, in terms of 
elements (user, card, terminal machine or terminal 
station, service provider and the like) comprising an 45 
IC card system, used for confirming an authentication 
between any two elements. This data or algorithm is 
predetermined between two elements, and there- 
after, must be kept secret from other parties. Use of 
the AC enables prevention and detection of non-au- 50 
thorized use or forgery of an IC card and tampering 
with data in the IC card. The APL-ID is a key essential 
to a business file when accessed by a business ap- 
plication program. Thus, a business application can 
be made possible by specifying the APL-ID, to allow 55 
access to a required business file without referring to 
a physical address, and so on. The cryptograph man- 
agement information produces a cryptograph for de- 



ciphering the ciphered data stored in the external 
memory (EMEM) 11, management information re- 
quired when new data is to be stored therein, file cor- 
respondence numbers of the files in the EMEM 11, a 
cryptograph for deciphering data which has been 
cryptographically processed, and so on. The EMAM 
(external memory access means) directory is com- 
posed of a directory for the EMEM 11 and a directory 
for the internal memory (IMEM) 5. The directory for 
the EMEM 11 manages file names for managing the 
EMEM 11 , and file correspondence numbers for man- 
aging the same. The directory for the IMEM 5 man- 
ages a file correspondence number in the external 
memory (EMEM) 11 and addresses in a memory, 
managing attribute information with regard to the 
files in the EMEM 11. The EMEM management 
serves as an area for managing, in the file units, the 
attribute information for data in each file of the EMEM 
11, which attribute information is managed by the di- 
rectory for the IMEM. In the data area of the files in 
the external memory (EMEM) 11, attribute informa- 
tion is recorded which relates to the data in each file 
of the EMEM 11 . Further similar contents to be man- 
aged exist, such as the date of drafting of the related 
files, renewal date, and start and end of each physical 
address corresponding to the external memory 
(EMEM) 11. 

The EMAM (external memory access means) 23 
is provided with the above mentioned processing 
means 61 to 69 and others. The reset processing 
means 61 (Fig. 10A) starts operating upon receipt of 
a RESET command from the means 20/30 (Fig. 10B) 
and resets the system directory and the system infor- 
mation in the internal memory (IMEM) 5 (Fig. 10A), 
and then sends a RESET response to the means 
20/30. The PIN verification processing means 62 
(Fig. 10A) starts operating upon receipt of a PIN ver- 
ification command accompanied by PIN data and car- 
ries out a verification process of the PIN data with ref- 
erence to the PIN management information (Fig. 
10A), and then sends a verification result to the 
means 20/30. The card AC processing means 63 (Fig. 
1 0A) starts operating upon receipt of a card AC com- 
mand and performs a check on the card authentica- 
tion with reference to the card AC management infor- 
mation in the internal memory (IMEM) 5 (Fig. 10A), 
and then returns the card AC data to the means 
20/30. The file open processing means 64 starts op- 
erating upon receipt of a file open command and car- 
ries out a check of an access right with reference to 
the system AC management information in the IMEM 
5 (Fig. 10A), and then sends the result of the related 
file open command to the means 20/30. The E write 
1 processing means 65 starts operating upon receipt 
of an E write 1 command and the corresponding data, 
enciphers the thus given data, and returns the enci- 
phered data and a write position. The above write pos- 
ition is a write position in the external memory 
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(EMEM) 11, and is obtained by reference to the con- 
tent of the EMEM managementf ile in the IMEM 5 (Fig. 
10A). The E write 2 processing means 66 starts op- 
erating upon receipt of an E write 2 command and re- 
sultant information (the result of a write operation to 5 
the EMEM 11), and writes the result of the write oper- 
ation to the EMEM 11 for the EMEM management file 
in the IMEM 5 (Fig. 10A), and then sends the results 
of the related process to the means 20/30. The E read 
1 processing means 67 starts operating upon receipt 10 
of the E read 1 command and a file name, and search- 
es for a position in the external memory (EMEM) 11 
at which the related file is stored, with reference to the 
EMEM management file, and then sends the result 
and the position to the means 20/30 (Fig. 10B). The 15 
EMAM read 2 processing means 68 starts operating 
upon receipt of an E read 2 command and enciphered 
data and carries out a deciphering operation, with ref- 
erence to the cryptograph management information 
in the IMEM 5 (Fig. 10A), and then sends the result 20 
and the deciphered data to the means 20/30 (Fig. 
10B). The file close processing means 69 starts op- 
erating upon receipt of a file close command and car- 
ries out a file close operation, and then sends the re- 
sult to the means 20/30 (Fig. 10B). 25 

When the IC card 10 is inserted into the external 
IC card acceptance means 20, i.e. the reader- writer, 
together with the reading and writing device, the ter- 
minal means 20/30 (Fig. 10B) sends a RESET com- 
mand to the IC card 10. Where data is to be written 30 
in the external memory (EMEM) 11, the means 20 is- 
sues a PIN verification request, a card AC request, a 
file open request, and a E write 1 request, and there- 
after, the related write operation to the EMEM 11 is 
performed and the E write 2 request is issued. Where 35 
data in the EMEM 11 is to be read, the means 20 is- 
sues an E read 1 request, and thereafter, the related 
read operation to the EMEM 11 is carried out. Then an 
E read 2 request is issued, and when the access to 
the EMEM 11 is completed, a file close request is is- 40 
sued. 

When a PIN verification request is issued, a PIN 
command is sent to the processor (CPU) 4 forming 
the processing means 61 through 69; when a card AC 
request is issued, a card AC command is sent to the 45 
CPU 4 in the IC card 10; when a file open request is 
issued, a file open command is sent to the CPU 4 in 
the IC card 10; when an E write 1 request is issued, 
an E write 1 command is sent to the CPU 4 in the IC 
card 10; when an E write 2 request is issued, an E so 
write 2 command is sent to the CPU 4 in the IC card 
10; when an E read 1 request is issued, an E read 1 
command is sent to the CPU 4 in the IC card 10; and 
when an E read 2 request is issued, an E read 2 com- 
mand is sent to the CPU 4 in the IC card 1 0. 55 

Figures 11 A and 11 B are flowcharts of a process 
for each command, performed by a CPU in an IC card 
of a system embodying the invention. An initial proc- 



ess is started ("a") by a power-ON, and when a com- 
mand is received ("b") from a PIN PAD (Fig. 10B), a 
command check is carried out ("c"). If the command 
code is correct (YES in step "d"), a command parame- 
ter check is carried out ("e"). The command parameter 
check determines whether or not the attribute infor- 
mation conforms with the prescribed parameter. If the 
result at step "d" is NO, an error response is edited in 
step "K" in Fig. 11B, and an error response is sent to 
the means 20 ("L" in Fig. 1 1 B). If the result of the com- 
mand parameter check is correct (YES in step T), a 
command sequence check is started ("g"). If the result 
at step T is NO, the error response edit is carried out. 
If the result of the command sequence check is YES 
("h"), a command distribution is started ("i"). The com- 
mand sequence check is introduced to find contradic- 
tions in the command sequence; for example, if a file 
write command precedes a file open command, this 
is a contradiction. If the result of the command c se- 
quence check is NO in step "h", the flow goes to step 
"K" (Fig. 11 B). When one of the various processes is 
finished, a response is sent to the means 20 ("L u in 
Fig. 11 B). The above mentioned processes are per- 
formed in steps "A" through "J" in Fig. 11B. Note, for 
brevity, in some of these steps the reference charac- 
ter "E" represents the "EMEM", i.e., the external 
memory 11 (Fig. 5 and others). Details of these proc- 
esses will be presented below. 

Figure 12 is a detailed flow chart of the process 
"A" shown in Fig. 11B. In the E OPEN process "A", a 
double open check is carried out to avoid a double oc- 
cupation of the same file. If the result is YES, an open 
finished memo (flag) is made ON (hoist), and a nor- 
mal response is edited. If the result is NO, an error re- 
sponse is edited. 

Figure 13 is a detailed flow chart of the process 
"B" shown in Fig. 11B. In the E CLOSE process "B B , 
a double close check is carried out for a similar rea- 
son as for the double open check, and if the result is 
YES or NO, a normal or an error response is edited 
accordingly. 

Figure 14 is a detailed flow chart of the process 
"C" shown in Fig. 11 B. In the E WRITE 1 process "C", 
it is determined whether or not the related data is 
open. If the result is YES, a data title check is carried 
out to determine whether or not the related data has 
a right to access the file. If the result is YES, the cor- 
responding address is found and edited. Further, the 
corresponding key is found, and using the key, the 
write data is enciphered, and then edited. Finally, the 
related edition of the response is performed. If the re- 
sult of the step (OPEN FINISHED CHECK) is NO, the 
related edition of the response is performed. This also 
applies when the result of the data title check is NO. 

Figure 15 is a detailed flow chart of the process 
"D" shown in Fig. 11 B. In the E WRITE 2 process, an 
E write finished check is carried out. Namely, it is de- 
termined whether or not the preceding E write 1 proc- 
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ess was completed without error. If the result is YES, 
the resultant information is checked. The resultant in- 
formation indicates, for example, whether or not an 
overwrite has occurred in the external memory 
(EMEM). If the result of the check is NO. the error re- 
sponse is edited. If the check of the resultant informa- 
tion indicates a normal result, then a normal comple- 
tion of the write process is recorded (memo). If the 
check indicates an abnormal result, then an abnormal 
completion of the write process is recorded (memo). 
The normal response is then edited, wherein the term 
"normal" means that the flow per se was completed 
normally and is not concerned with the above men- 
tioned abnormal completion of the write process. 

Figure 16 is a detailed flow chart of the process 
"E" shown in Fig. 11 B. In the E READ 1 process, the 
open finish check is carried out as in the flow chart of 
Fig. 14. If the result of the check is YES. a data title 
check is started, as in the flow chart of Fig. 14. If the 
result of the check is YES, the corresponding address 
is found by the address holding means (shown by 44 
in Fig. 7), as in the flow chart of Fig. 14. and then edit- 
ed. The remaining steps are similar to those ex- 
plained before. 

Figure 17 is a detailed flow chart of the process 
"F" shown in Fig. 11 B. In the E READ 2 process, the 
E read 1 finished check is carried out in the same as 
the corresponding step in Fig. 1 5. If the result is YES, 
the corresponding cipher key is found, and using the 
key, the read data is deciphered to edit the read data. 
The remaining steps are similar to those explained 
before. 

Figure 18 is a detailed flow chart of the process 
"G" shown in Fig. 11B. In the E DELETE process, an 
open finished check is carried out, and if the result of 
the check is YES, a data title check is carried out If 
the result of this check is YES, the corresponding ad- 
dress is found and edited to delete the content of the 
directory (shown by 21 in Fig. 5). The remaining steps 
are similar to those explained before. 

Figure 9 is a detailed flow chart of the process "H" 
shown in Fig. 11 B. In the VERIFY PIN process, an au- 
thentication check for an input PIN data is carried out. 
The remaining steps are similar to those explained 
before. 

Figure 20 is a detailed flow chart of the process 
T shown in Figure 11 B. In the CREATE E FILE proc- 
ess, a validity check for the system information direc- 
tory is carried out, and if the result of the check is 
YES, then a validity of the CREATE is checked. If the 
result of this check is YES, a file registration is carried 
out. The remaining steps are the same as described 
previously. The validity of the CREATE is checked to 
confirm whether the file is created as required. If the 
result of the validity check is YES, the registration of 
the file to be created is carried out. The remaining 
steps are similar to those explained before. 

Figure 21 is a detailed flow chart of the process 



"J" shown in Fig. 11 B. In the CREATE E DIR process, 
the directory for the newly introduced file is created. 
First, double registration is checked to avoid a regis- 
tration conflict If the result of the check is YES, then 

5 it is determined whether or not a sufficient directory 
area exists. If the result of the check is YES, a regis- 
tration to the directory is carried out The remaining 
steps are similar to those explained before. 

As understood from the above description, the IC 

10 card 10 is provided, as one body* with the external 
memory (EMEM) 11, which has a very large memory 
capacity, and therefore it is possible to store a vast 
amount of information, for example, video informa- 
tion. Specifically, it is possible to record, for example, 

15 a photograph of the user's face, the user's voice, the 
user's signature, the user's fingerprints, and so on. 
Of course, it is also possible to store information 
which overflows from the internal memory (IMEM) 5. 
The date may also be recorded simultaneously, since 

20 information such as for example, a photograph of the 
user's face, will not represent the user's face after a 
period of time. The date of the record is also important 
for, for example, a driving licence, a passport, and the 
like. 

25 According to an embodiment of the present in- 

vention, a memory history management area can be 
created. The memory history management area man- 
ages information, such as mentioned above, to be 
stored in the external memory (EMEM) 11. 

30 Figure 22 is a schematic diagram of the general 

construction of devices mounted in and on an IC card, 
in particular a memory history management part ac- 
cording to an embodiment of the invention. The ar- 
rangement of Fig. 22 is a modification of the arrange- 

35 ment shown in Fig. 5, explained previously. The his- 
tory management part 70 is composed of at least a 
memory history directory 71 formed in the first direc- 
tory 21 (Fig. 5). The memory history directory 71 pre- 
ferably cooperates with a history record area 72 

40 formed in the internal memory (IMEM), i.e. the file 9 
(Fig. 5). The history directory 71 and the record area 
72 are controlled by the processor (CPU) 4, in partic- 
ular by the external memory access means (EMAM) 
23. 

45 Figures 23A and 23B show a specific arrange- 

ment of a memory history management part shown in 
Fig. 22. The data files in the external memory may be 
used with a regulated format as shown by 11 in Fig. 
23B or a free format as shown by 11'. The external 

50 memory (EMEM) 1 1 (left side in Fig. 23B) is formatted 
as a plurality of blocks, such as B 1t B 2 — B n . In the 
example, block B t is allotted to photograph data, B 2 
to voice data, B 3 to fingerprint data, B 4 to signature 
data, and B 5 to overflow data from the internal mem- 

55 ory (IMEM) 5. Each of the blocks B 1 through B n is 
composed of a plurality of sections St through S m . 

As shown in Fig. 23A, the internal memory 
(IMEM) 5 contains therein the memory history direc- 
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tory 71 and the history record area 72, as the memory 
history management part 70 (Fig. 22). The memory 
history directory 71 indicates physical addresses on 
the external memory (EMEM) 11. The history record 
area 72 is divided with a plurality of rows, and each 
row is predefined by both block numbers B 1f B 2 — B n 
and section numbers S 1( S 2 — S m . Therefore, each 
time a write operation to the blocks B, thorugh B n of 
Fig.23B is carried out, the date on which the related 
write operation was made is recorded in the corre- 
sponding row of the history record area 72 (Fig. 23A). 

Figures 24A and 24B are a flow chart of the read 
and write operations to an external memory (EMEM), 
and also depict an arrangement of the related mem- 
ories. The content of Fig. 24A is substantially the 
same as the content shown in Figs. 23A and 23B. The 
processing flow of Fig. 24B is programmed in the ex- 
ternal memory access means (EMAM) 23 in Fig. 23A 
and the program is executed by the external IC card 
acceptance means 20 (terminal machine) and, if nec- 
essary, the terminal station 30. The communication is 
handled by the reader-writer and the reading and writ- 
ing device. 

When a read command and the corresponding 
logical address are sent from the acceptance means 
20, a read operation is started by the processor (CPU) 
4 in the IC card 10 (refer to "a" in Fig. 24B). This com- 
mand is a request to scan the history, and thus a cor- 
responding search in the history directory 71 is car- 
ried out ( n b") and the physical address corresponding 
to the searched logical address is found. Using the 
found physical address, data is read from the EMEM 
11 by the acceptance means 20 ("c"), and thereafter, 
the date on which the related read operation was car- 
ried out is written in the history directory 71 by the 
CPU 4 ("d"). The thus read data is sent to a demander 
of the related read request, e.g. the terminal station 
30, by the acceptance means 20 ("e"). 

When a write command, the corresponding logi- 
cal address, and the corresponding write data are re- 
ceived by the CPU 4 (T). the CPU 4 (Fig. 23A) carries 
out a search of the history directory 71 using the given 
logical address, to find the corresponding physical 
address ("g"). Based on the found physical address, 
the related write operation is carried out by the accep- 
tance means 20 ("h"), and thereafter, the date on 
which the write operation was carried out is recorded 
by the CPU 4 (V). The result of the write operation is 
sent to the demander of the related write request, e.g., 
the terminal station 30, by the acceptance means 20 
(T). 

As explained above in detail, an IC card of a sys- 
tem embodying the invention can handle a vast 
amount of data compared to the conventional IC card 
1. Although the external memory (EMEM) is exposed 
outside the body of the IC card, security for the data 
stored therein can be assured because the EMEM is 
governed by the internal CPU alone. 



Claims 

1. An IC card (10) containing a processor (4), for 
communicating with an external card- 
5 acceptance device (20), and an internal memory 

(5), connected to cooperate with the processor 
(4), for storing data to be accessed by the proc- 
essor (4), there being mounted on a surface of 
the card (10) an external memory (11) for storing 
10 further data, which further data is to be accessi- 

ble only by way of the said external card- 
acceptance device (20), 

characterised in that the said internal 
memory (5) includes a directory (21 ,44) for star- 
ts ing respective addresses at which data files (1 9) 
are stored in the external memory (11), and in 
that the said processor (4) is provided with an ex- 
ternal memory access program for enabling such 
a card-acceptance device (20) to obtain, from the 
20 said directory (21), address information neces- 
sary to enable the card-acceptance device (20) to 
access such files in the external memory (11). 
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2. An IC card as claimed in claim 1 , wherein the said 
external memory (11) has a memory capacity 
larger than that of the said internal memory (5). 

3. An IC card as claimed in claim 1 or 2, wherein the 
said external memory (11) is an optical memory. 

4. An IC card as claimed in claim 3, wherein the said 
external memory (11) is a laser memory. 

5. An IC card as claimed in any preceding claim, 
wherein data can only be stored in the said exter- 
nal memory (11) under control of the said proc- 
essor (4). 

6. An IC card as claimed in any one of claims 1 to 
4, wherein the read and write operations for the 
said external memory (11) are carried out by us- 
ing only addresses handled by the said processor 
(4). 

7. An IC card as set forth in any preceding claim, 
wherein user identity data relating to an IC card 
owner is stored in the said external memory (11). 

8. An IC card as claimed in any preceding claim, 
wherein the said external memory (11) contains 
a password area (1 7) used for an authentication 
check of said external memory (11) by the said 
processor (4). 

9. An IC card as claimed in claim 7, wherein an ad- 
dress at which new data is to be written in the ex- 
ternal memory (11) is selected from the said di- 
rectory (21) by finding therein an external mem- 
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ory address denoted in that directory as being va- 
cant 



11. An IC card as claimed in claim 10, wherein the 
said processor includes a write processing 
means (43), a first read processing means (41 ) 
and a second read processing means (42), 

the said write processing means (43) be- 
ing operable, upon receipt of a write command 
and the corresponding write data, to encipher the 
received write data with reference to the said 
cryptographic management information, to 
search the said directory (21) for an address, in 
the said external memory (11), at which the enci- 
phered write data is to be written, and to send the 
enciphered write data and the corresponding ad- 
dress to the card-acceptance device (20), 

the said first read processing means (41) 
being operable, upon receipt of a first read com- 
mand and an individual file number of a required 
data file in the external memory (11), to search 
the said directory (21) for the read address cor- 
responding to the said individual file number and 
to send that address to the card-acceptance de- 
vice (20), and 

the said second read processing means 
(42) being operable, upon receipt of a second 
read command and enciphered read data, to de- 
cipher the received enciphered read data, with 
reference to the said cryptographic management 
information, and to send the deciphered read 
data to the card-acceptance device (20). 

12. An IC card as claimed in claim 10, wherein the 
said external card- acceptance device (20) coop- 
erates, when the said processor (4) is to perform 
a write operation, with the said IC card, so that the 
write command and corresponding write data are 
sent to the IC card, enciphered write data and the 
corresponding address for writing in the external 
memory (11) are obtained from the IC card, and 
the enciphered write data is written in the external 
memory (11). 

13. An IC card as claimed in claim 10 or 12, wherein 
the said external card-acceptance device (20) co- 
operates, when the said processor (4) is to per- 
form a read operation, with the IC card, so that a 
first read command and an individual file number 
are sent to the IC card, the required read address 



corresponding to the individual file number is ob- 
tained from the IC card by searching the said di- 
rectory (21) and that read address is sent to the 
card-acceptance device (20), enciphered read 
data is obtained from the external memory (11) 
by using the said read address, the enciphered 
read data from the external memory (11) is sent 
to the IC card with a second read command, and 
deciphered read data is sent from the IC card to 
the said card-acceptance device (20) in response 
to the second read command. 

14. An IC card as claimed in any preceding claim, 
wherein the internal memeory (5) includes mem- 

15 ory history management means, for managing 

historical information relating to the storage of 
data in the said external memory (11). 

15. An IC card as claimed in claim 14, wherein the 
20 said directory (21)includes a memory history di- 
rectory (71). 

16. An IC card as claimed in claim 15, wherein the 
said internal memory (5) includes a history re- 

25 cord area (72), management of the said historical 

information being performed by the said proces- 
sor (4) in cooperation with the said history record 
area (72) and the said memory history directory 
(71). 

30 

17. An IC card as claimed in claim 16, wherein the 
said history record area (72) serves to store a 
date on which a read or write operation was car- 
ried out from or to the said external memory (11). 

35 

18. An IC card as claimed in claim 16 or 17, wherein 
the said memory history directory (71) serves to 
correlate data entries in the said history record 
area (72) with the respective corresponding ad- 

40 dresses in the said external memory (11). 

19. An IC card as claimed in claim 18, wherein data 
stored at the said respective corresponding ad- 
dresses represents a photograph of a face, 

45 and/or a voice, and/or a fingerprint, and/or a sig- 

nature of an IC card user. 

20. An IC card as claimed in claim 18 or 19, wherein 
data stored at the said respective corresponding 

50 addresses comprises data which overflows from 

the said internal memory (5) owing to a lack of 
sufficient memory capacity thereof. 

21. An IC card as claimed in any preceding claim, 
55 wherein the said internal memory (5) is a non-vol- 
atile memory. 

22. An IC card as claimed in any preceding claim, 



10. An IC card as claimed in any preceding claim, 

wherein cryptographic management information s 
is stored in the said internal memory (5), for use 
in enciphering and deciphering data passed be- 
tween the said processor (4) and the said exter- 
nal memory (11) by way of the said card- 
acceptance device (20). 10 
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wherein the said internal memory (5) is an elec- 
tronically erasable programmable read only 
memory (EEPROM). 

23. An IC card as claimed in any preceding claim, in 
combination with an external card-acceptance 
device (20) operative on the basis of address 
data read by the device from the said internal 
memory (5) to access data in the said external 
memory (11). 



Patentanspruche 

1. IC-Karte (10), welche einen Prozessor (4) zum 
Kommunizieren miteinerexternen Kartenannah- 
meanordnung (20) und einen internen Speicher 
(5), derangeschlossen ist, urn mitdem Prozessor 
(4) zusammenzuarbeiten, zum Speicher n von 
Daten, die fur den Prozessor (4) zugangig sind, 
enthalt, wobei auf einer Flache der Karte (10) ein 
externer Speicher (11) zum Speichern weiterer 
Daten montiert ist, welche weiteren Daten nur 
mittels dergenannten externen Kartenannahme- 
anordnung (20) zugangig sind, 

dadurchgekennzeichnet, daSdergenann- 
te interne Speicher (5) ein Verzeichnis (21, 44) 
zum Speichern entsprechender Adressen, an de- 
nen Datendateien (15) im externen Speicher ge- 
speichert sind, enthalt, und daR der genannte 
Prozessor (4) mit einem externen Speicherzu- 
griffsprogramm versehen ist, um zu ermoglichen, 
daB eine derartige Kartenannahmeanordnung 
(20), vom genannten Verzeichnis (21 ), Adressen- 
informationen erhalt, die notwendig sind, um zu 
ermoglichen, daR die Kartenannahmeanordnung 
(20) auf derartige Dateien im externen Speicher 
(11) zugreift. 

2. IC-Karte nach Anspruch 1, bei welcher der ge- 
nannte externe Speicher (11) eine groRere Spei- 
cherkapazitat als jene des genannten internen 
Speichers (5) aufweist. 

3. IC-Karte nach Anspruch 1 Oder 2, bei welcher der 
genannte externe Speicher (11) ein optischer 
Speicher ist. 

4. IC-Karte nach Anspruch 3, bei welcher der ge- 
nannte externe Speicher (11) ein Lasers peicher 
ist. 

5. IC-Karte nach einem der vorhergehenden An- 
spruche, bei welcher Daten nur im genannten 
Speicher (11) unterder Steuerung des genannten 
Prozessors (4) gespeichert werden konnen. 

6. IC-Karte nach einem der Anspruche 1 bis 4, bei 



welcher die Schreib- und Leseoperationen fur 
den genannten externen Speicher (11) nurunter 
Verwendung von vom genannten Prozessor (4) 
bearbeiteten Adressen durchgef uhrt werden. 

7. IC-Karte nach einem der vorhergehenden An- 
spruche, bei welcher Benutzeridentitatsdaten in 
bezug auf einen IC-Kartenbesitzer im genannten 
externen Speicher (11) gespeichert werden. 



10 



8. IC-Karte nach einem der vorhergehenden An- 
spruche, bei welcher der genannte externe Spei- 
cher (11) einen Pa&wortbereich (17), der zur Au- 
thentisierungsprufung des genannten externen 

15 Speichers (11) durch den genannten Prozessor 

(4) verwendet wird, enthalt 

9. IC-Karte nach Anspruch 7, bei welcher eine 
Adresse, an der neue Daten in den externen 

20 Speicher (11) zu schreiben sind, aus dem ge- 

nannten Verzeichnis (21) ausgewahlt wird, indem 
darin eine externe Speicheradresse, die in die- 
sem Verzeichnis alsf rei bezeichnet ist aufgef un- 
den wird. 

25 

10. IC-Karte nach einem der vorhergehenden An- 
spruche, bei welcher kryptographische Verwal- 
tungsinformationen im genannten internen Spei- 
cher (5) zur Verwendung bei der Verschlusselung 

30 und Entschliisselung von Daten, die zwischen 

dem genannten Prozessor (4) und dem genann- 
ten externen Speicher (11) mittels der genannten 
Kartenannahmeanordnung (20) weitergereicht 
werden, gespeichert werden. 

35 

11. IC-Karte nach Anspruch 10, bei welcher der ge- 
nannte Prozessor eine Schreibverarbeitungsein- 
richtung (43), eine erste Leseverarbeitungsein- 
richtung (41) und eine zweite Leseverarbeitungs- 

40 einrichtung (42) enthalt, 

wobei die genannte Schreibverarbei- 
tungseinrichtung (43), beim Empfang eines 
Schreibbefehls und der entsprechenden Schreib- 
daten, betreibbar ist, um die empfangenen 

45 Schreibdaten unter Bezugnahme auf die genann- 

ten kryptographischen Verwaltungsinformatio- 
nen zu verschlusseln, das genannte Verzeichnis 
(21) nach einer Adresse im genannten externen 
Speicher (11) zu durchsuchen, an der die ver- 

50 schlusselten Schreibdaten zu schreiben sind, 

und die verschlusselten Schreibdaten und die 
entsprechende Adresse an die Kartenannahme- 
anordnung (20) zu senden, 

wobei die genannte erste Leseverarbei- 

55 tungseinrichtung (41), beim Empfang eines er- 

sten Lesebefehls und einer einzelnen Dateinum- 
mer einer erforder lichen Datei im externen Spei- 
cher (11), betreibbar ist, um das genannte Ver- 
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zeichnis (21) nach der Leseadresse, die der ge- 
nannten einzelnen Dateinummer entspricht, zu 
durchsuchen, und diese Adresse an die Karten- 
annahmeanordnung (20) zu senden, und 

wobei die genannte zweite Leseverarbei- 5 
tungseinrichtung (42), beim Empfang eines zwei- 
ten Lesebefehls und von verschlusselten Lese- 
daten, betreibbar ist, um die empfangenen ver- 
schlusselten Lesedaten unter Bezugnahme auf 
die genannten kryptographischen Verwaltungs- 10 
informationen zu entschlusseln, und die ent- 
schlusselten Lesedaten an die Kartenannahme- 
anordnung (20) zu senden. 



12. IC-Karte nach Anspruch 10, bei welcher die ge- 
nannte externe Kartenannahmeanordnung (20), 
wenn der genannte Prozessor (4) eine Schreib- 
operation durchzuf uhren hat, mit der genannten 
IC-Karte zusammenarbeitet, so daB der Schreib- 
befehl und entsprechende Schreibdaten an die 
IC-Karte gesendet werden, verse hi usselte 
Schreibdaten und die entsprechende Adresse 
zum Schreiben im externen Speicher (11 ) von der 
IC-Karte erhalten werden, und die verschlussel- 
ten Schreibdaten in den externen Speicher (11) 
geschrieben werden. 

13. IC-Karte nach Anspruch 10 oder 12, bei welcher 
die genannte externe Kartenannahmeanordnung 
(20), wenn der genannte Prozessor (4) eine Le- 
seoperation durchzufuhren hat, mit der genann- 
ten IC-Karte zusammenarbeitet, so daB ein er- 
ster Lesebefehl und eine einzelne Dateinummer 
an die IC-Karte gesendet werden, die erforderli- 
che Leseadresse, die der einzelnen Dateinum- 
mer entspricht, von der IC-Karte erhalten wind, in- 
dem das genannte Verzeichnis (21) durchsucht 
wird, und diese Leseadresse an die Kartenan- 
nahmeanordnung (20) gesendet wird, verschlus- 
selte Lesedaten vom externen Speicher (11) un- 
ter Verwendung der genannten Leseadresse er- 
halten werden, die verschlusselten Lesedaten 
vom externen Speicher (11) zur IC-Karte mit ei- 
nem zweiten Lesebefehl gesendet werden, und 
entschlusselte Lesedaten von der IC-Karte zur 
genannten Kartenannahmeanordnung (20) an- 
sprechend auf den zweiten Lesebefehl gesendet 
werden. 



verzeichnis (71) enthalL 

16. IC-Karte nach Anspruch 15, bei welcher der ge- 
nannte interne Speicher (5) einen Protokolldaten- 
satzbereich (72) e nth alt, wobei die Verwaltung 
der genannten Protokoll informationen vom ge- 
nannten Prozessor (4) in Zusammenarbeit mit 
dem genannten Protokolldatensatzbereich (72) 
und dem genannten Speicherprotokoll verzeich- 
nis (71) durchgefuhrt wird. 

17. IC-Karte nach Anspruch 16, bei welcher der ge- 
nannte Protokolldatensatzbereich (72) dazu 
dient, ein Datum, zu dem eine Lese- Oder 

15 S ch re i bope ration aus oder in dem genannten ex- 

ternen Speicher (11) durchgefuhrt wurde, zu 
speichern. 

18. IC-Karte nach Anspruch 16 oder 17, bei welcher 
20 das genannte Speicherprotokoll verzeichnis (71) 

dazu dient, Dateneintrage im genannten Proto- 
kolldatensatzbereich (72) mit den jeweiligen ent- 
sprechenden Adressen im genannten externen 
Speicher (11) zu korrelieren. 

25 

19. IC-Karte nach Anspruch 18, bei welcher Daten, 
die an den genannten jeweiligen entsprechenden 
Adressen gespei chert werden, eine Photogra- 
phic eines Gesichts und/oder eine Stimme und- 

30 /oder einen Fingerabdruck und/oder eine Unter- 

schrift eines IC-Kartenbenutzers re prase n tie re n. 

20. IC-Karte nach Anspruch 18 oder 19, bei welcher 
Daten, die an den genannten jeweiligen entspre- 

35 chenden Adressen gespeichert werden, Daten 

umfassen, die vom genannten internen Speicher 
(5) auf Grund eines Mangels an ausreichender 
Speicherkapazitat davon uberlaufen. 

40 21. IC-Karte nach einem der vorhergehenden An- 
spruche, bei welcher der genannte interne Spei- 
cher (5) ein nicht-fluchtiger Speicher ist. 

22. IC-Karte nach einem der vorhergehenden An- 
45 spruche, bei welcher der genannte interne Spei- 
cher (5) ein elektronisch loschbarer, program- 
mierbarer Festwertspeicher (EEPROM) ist. 

23. IC-Karte nach einem der vorhergehenden An- 
spruche, in Kombination mit einer externen Kar- 
tenannahmeanordnung (20), betreibbar auf Ba- 
sis von Adressendaten, die von der Anordnung 
aus dem genannten internen Speicher (5) gele- 
sen werden, um auf Daten im genannten exter- 
nen Speicher (11) zuzugreifen. 



14. IC-Karte nach einem der vorhergehenden An- so 
spruche, bei welcher der interne Speicher (5) ei- 
ne Speicherprotokoll-Verwaltungseinrichtung 
zum Verwalten von Protokoll information en in be- 
zug auf die Speicherung von Daten im genannten 
externen Speicher (11 ) enthalL 55 

15. IC-Karte nach Anspruch 14, bei welcher das ge- 
nannte Verzeichnis (21) ein Speicherprotokoll- 

11 
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Revendications 

1. Carte a circuit integre (IC) (10) contenant un pro- 
cesseur (4) pour communiquer avec un dispositif 
d'acceptation de carte externe (20), et une me- 
moire interne (5), connectee pour cooperer avec 
le processeur (4), pour stocker des donnees des- 
tinees a etre accedees par le processeur (4), une 
memoire externe (11), permettantde stocker des 
donnees supplementaires, lesquetles donnees 
supplementaires sont destinees a etre accedees 
seulement au moyen dudit dispositif d'accepta- 
tion de carte externe (20), etant montee sur la 
surface de la carte (10), 

caracterise en ce que ladite memoire inter- 
ne (5) inclut un repertoire (21, 44) pour stocker 
des adresses respectives au niveau desquelles 
des fichiers (19) sont stockes dans la memoire 
externe (11), eten ce que ledit processeur (4) est 
muni d'un programme d'acces de m6moire exter- 
ne pour permettre a ce dispositif d'acceptation 
de carte (20) d'obtenir, a partir dudit repertoire 
(21), une information d'adresse necessaire pour 
permettre au dispositif d'acceptation de carte 
(20) d'acceder au f ichier contenu dans la memoi- 
re externe (11). 

2. Carte a IC selon la revendication 1 , dans iaquelle 
ladite memoire externe (11) presente une capa- 
city memoire superieure a celle de ladite memoire 
interne (5). 

3. Carte a IC selon la revendication 1 ou 2, dans Ia- 
quelle ladite memoire externe (11) est une me- 
moire optique. 

4. Carte a IC selon la revendication 3, dans Iaquelle 
ladite memoire externe (11) est une memoire la- 
ser. 

5. Carte a IC selon I'une quelconque des revendica- 
tions precedentes, dans Iaquelle des donnees 
peuvent seulement etna stockees dans ladite me- 
moire externe (11) sous la commande dudit pro- 
cesseur (4). 

6. Carte a IC selon I'une quelconque des revendica- 
tions 1 a 4, dans Iaquelle les operations de lectu- 
re et d'ecriture pour ladite memoire externe (11) 
sont mises en oeuvre en utilisant seulement des 
adresses manipuiees par ledit processeur (4). 

7. Carte a IC selon I'une quelconque des revendica- 
tions precedentes, dans Iaquelle des donnees 
d'identification d'utilisateurconcernantun deten- 
teur de carte a IC sont stockees dans ladite me- 
moire externe (11). 



8. Carte a IC selon I'une quelconque des revendica- 
tions precedentes, dans Iaquelle ladite memoire 
externe (11) contient une zone de mot de passe 
(17) utilisee pour un contrdle d'authentification 

5 de ladite memoire externe (11) par ledit proces- 

seur (4). 

9. Carte a IC selon la revendication 7, dans Iaquelle 
une adresse au niveau de Iaquelle de nouvelles 

10 donnees doivent etre ecrites dans la memoire ex- 

terne (11) estchoisie dans ledit repertoire (20) en 
recherchant en son sein une adresse de memoire 
externe indiquee dans ce repertoire comme etant 
vacante. 

15 

10. Carte a IC selon I'une quelconque des revendica- 
tions precedentes, dans Iaquelle une information 
de gestion cryptograph ique est stockee dans la- 
dite memoire interne (5) en vue d'une utilisation 

20 pour chiffrer et dechiff rer des donnees passees 

entre ledit processeur (4) et ladite memoire exter- 
ne (11) au moyen dudit dispositif d'acceptation de 
carte (20). 

25 11. Carte a IC selon la revendication 7, dans Iaquelle 
ledit processeur inclut un moyen de traitement 
d'ecriture (43), un premier moyen de traitement 
de lecture (41) et un second moyen de traitement 
de lecture (42), 

30 ledit moyen de traitement d'ecriture (43) 

pouvant fonctionner, suite a la reception d'une 
commande d'ecriture et des donnees d'ecriture 
correspondantes, pour chiffrer les donnees 
d'ecriture recues par reference a ladite informa- 

35 tion de gestion cryptographique afin de recher- 

cher une adresse dans ledit repertoire (21), dans 
ladite memoire externe (11), adresse au niveau 
de Iaquelle les donnees d'ecriture chif frees doi- 
vent etre ecrites, et afin d'envoyer les donnees 

40 d'ecriture chiffrees et I'adresse correspondante 

au dispositif d'acceptation de carte (20), 

ledit premier moyen de traitement de lec- 
ture (41) pouvant fonctionner suite a la reception 
d'une premiere commande de lecture et d'un nu- 

45 mero de f ichier individuel d'un f ichier de donnees 

requis contenu dans la memoire externe (11) 
pour rechercher dans ledit repertoire (21) I'adres- 
se de lecture correspond ant audit numero de f i- 
chier individuel et pour envoyer cette adresse au 

50 dispositif d'acceptation de carte (20) ; et 

ledit second moyen de traitement de lectu- 
re (42) pouvant fonctionner suite a la reception 
d'une seconde commande de lecture et de don- 
nees de lecture chiffrees pour dechiff rer les don- 

55 nees de lecture chiffrees recues par reference a 

ladite information de gestion cryptographique et 
pour envoyer les donnees de lecture dech if frees 
au dispositif d'acceptation de carte (20). 
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12. Carte a IC selon la revendication 10, dans laquel- 
le (edit dispositif d'acceptation de carte extern e 
(20) coopere, lorsque ledit process eur (4) doit 
realiser une operation d'ecriture, avec ladite car- 
te a IC de telle sorte que ia commande d'ecriture 5 
et que des donnees d'ecriture correspondantes 
soient envoyees a la carte IC, que des donnees 
d'ecriture chif frees et que I'adresse correspon- 
dante pour I'ecriture dans la memoire externe 
(11) soient obtenues a partir de la carte a IC et 10 
que les donnees d'ecriture chiffrees soient ecri- 
tes dans la memoire externe (11). 

13. Carte a IC selon la revendication 10 ou 12, dans 
laquelle ledit dispositif d'acceptation de carte ex- 15 



terne (20) coopere, lorsque ledit processeur (4) 
doit realiser une operation de lecture, avec la car- 
te a IC de telle sorte qu'une premiere commande 
de lecture et qu'un numero de f ichier individuel 
soient envoyes a la carte a IC, que I'adresse de 
lecture requise correspondant au numero de fi- 
eri ier individuel soit obtenue a partir de la carte a 
IC en recherchant ledit repertoire (21) et que 
I'adresse de lecture soit envoyee au dispositif 
d'acceptation de carte (20), que des donnees de 
lecture chiffrees soient obtenues depuis la me- 
moire externe (11) en utilisant ladite adresse de 
lecture, que les donnees lues chiffrees prove- 
nant de la memoire externe (11) soient envoyees 
a la carte a IC a I'aide d'une seconde commande 
de lecture et que les donnees lues dechiffrees 
soient envoyees depuis la carte a IC audit dispo- 
sitif d'acceptation de carte (20) en reponse a la 
seconde commande de lecture. 



rapport a ladite memoire externe (11). 

18. Carte a IC selon la revendication 16 ou 17, dans 
laquelle ledit repertoire d'historique de memoire 
(71 ) sert a correler des entrees de donnees dans 
ladite zone d'enregistrement d'historique (72) 
avec les adresses correspondantes respect ives 
dans ladite memoire externe (11). 

19. Carte a IC selon la revendication 18, dans laquel- 
le des donnees stockees au niveau desdites 
adresses correspondantes respectives repre- 
sented une photographie d'un visage et/ou une 
voix et/ou une empreinte digitale et/ou une signa- 
ture d'un detenteur de carte a IC. 

20. Carte a IC selon la revendication 18, dans laquel- 
le des donnees stockees au niveau desdites 
adresses correspondantes respectives compren- 

20 nent des donnees qui sont en depassement par 

rapport a ladite memoire interne (5) du fait du 
manque d'une capacite memoire suffisante de 
ceile-ci. 

25 21. Carte a IC selon Tune quelconque des revendica- 
tions precedentes, dans laquelle ladite memoire 
interne (5) est une memoire non volatile. 

22. Carte a IC selon Tune quelconque des revendica- 
30 tions precedentes, dans laquelle ladite memoire 

interne (5) est une memoire morte programmable 
et effacable electroniquement (EEPROM). 

23. Carte a IC selon Tune quelconque des revendica- 
tions precedentes, en combinaison avec un dis- 
positif d'acceptation de carte externe (20) qui 
fonctionne sur la base de donnees d'adresse lues 
par le dispositif dans ladite memoire interne (5) 
afin d'accedera des donnees contenues dans la- 
dite memoire externe (11). 



14. Carte a IC selon I'une quelconque des revendica- 
tions precedentes, dans laquelle la memoire in- 
terne (5) inclut un moyen de gestion d'historique 
de memoire pour gerer une information d'histori- 
que concernant le stockage des donnees dans la- 40 
dite memoire externe (11). 

15. Carte a IC selon la revendication 14, dans laquel- 
le ledit repertoire (21) inclut un repertoire d'histo- 
rique de memoire (71). 45 

16. Carte a IC selon la revendication 15, dans laquel- 
le ladite memoire interne (5) inclut une zone d'en- 
registrement d'historique (72), la gestion de ladi- 
te information d'historique etant realisee par ledit so 
processeur (4) en cooperation avec ladite zone 
d'enregistrement d'historique (72) et avec ledit 
repertoire d'historique de memoire (71). 

1 7. Carte a IC selon la revendication 1 6, dans laquel- 55 
le ladite zone d'enregistrement d'historique (72) 

sert a stacker une date a laquelle une operation 
de lecture ou d'ecriture a ete mise en oeuvre par 



13 



EP 0 330 404 B1 



Fig. I 




Fig. 2 



2 



CPU 


IMAM 




-6 




DI RECTORY 




_ 7 




FORMAT AREA 




- 8 


I MEM 


FORMAT AREA 






I 

1 








FORMAT AREA 




-8 



14 




EP 0 330 404 B1 



Fig. 3 




15 




EP 0 330 404 B1 



Fig. 5 



11 



10 



CPU 



IMEM 



IMAM 



FIRST DIRECTORY 



SECOND DIRECTORY 



FORMAT AREA 



FORMAT AREA 





PASSWORD AREA 




FORMAT AREA 


EMEM 


FORMAT AREA 




I 
I 
1 




FORMAT AREA 



6 

23 
21 

22 
-8 

•8 

"17 
18 



•18 



19 



16 



EP 0 330 404 B1 




3DVJU3JLNI L 



O 

CM 



I/MVIN3 ~IVNII/Via3± 



in 

CM" 



01 






c/) 




UJ 


LU 






O 




U- 


O 






< 




m 



8 



30X/Ja31NJ > 




17 




EP 0 330 404 B1 




CO 
Ld CO 

£ o- 

Q_ 



CO 
CO 
LlI 

cr 
o 

Q 

< 



Q 

_l 

o 

X 

5 



CO 
LU 



] [ 



X 

Q_ ZO ^ 
< LU»-* uj 

gals 

Mel 



5 



UJ 

LlI 



18 




EP 0 330 404 B1 



uo 




19 




EP 0 330 404 B1 



LU _ 
OO 
Z CVJ 

V-4 <t ^ 

^ 



0> 



o < 



Q 
QZ 
O 
4- 
CM 

a 



Q 

q: 
o 



o 



LxJ 

»— 4 

ot: 



CD 

i— i 
if) 

LU ^ 
O 



O 

q: 

CL 



l±J 



Q CD 

< z 

UJ ~ 

i-Wz 












LU — ■ 






Q -! 


< 


Q O 


LU 


<X X 


2 



LU 
LU 



5 




20 



EP 0 330 404 B1 



Fig. 10 A 



lO 



Fig.lO 
Fig.lOAlFig.lOB 1 



-7+ 



IMEM 



SYSTEM / SYSTEM 



r 



DIRECTOR Y/I N FORMATION 



PIN MANAGEMENT 
INFORMATION 



CARD ISSUER ID 

MANAGEMENT 

INFORMATION 



CARD AC 

MANAGEMENT 

INFORMATION 



C 



APL-ID MANAGEMENT 
INFORMATION 



SYSTEM AC . 

MANAGEMENT 

INFORMATION 



C 



CRYPTOGRAPH ^ 
MANAGEMENT C 
INFORMATION 



EMAM 
DIRECTORY 



EMEM 
MANAGE- C 
MENT 
FILE 

1 — — > 

•DATA 1 • C 

!FILE ; 



(data 2! 
•FILE j 

I 1 



c 



c 



61 



RESET- PROCESS 



RESET- PROCESS 



62 



PIN- VERIFICATION 
PROCESS 



63 



CARD AC- PROCESS 



64 



EMEM 



RLE OPEN 
PROCESS 



i /CHECK ACCESS \ J 
\ RIGHT /! 



(DATA l"l rDATA 2i 



E- WRITE 1 
PROCESS 



65 



66 



E- WRITE 2 
PROCESS 



EREAD 1 
PROCESS 



T 
67 



CD 
O 



68 



L JL.-rrrrd- 

i i 



E READ 2 
PROCESS 



FILE CLOSE 
PROCESS 

^69 



21 




EP 0 330 404 B1 



CP 



Fig. 10 B 



IC CARD INSERTION 



3 



C (RESET ) 



R( RESET RESPONSE ). 

C/PIN- VERIFICATION \- 
l PIN- DATA / 

R/ VERIFICATION \ — 
\ RESULT ; 



C ( CARD AC ) 



-R (CARD AC DATA ) 



C (FILE OPEN ) 



R( FILE OPEN RESULT)- 
-C(EMAM WRITE1.DATA)- 



. R/ RESULT.CIPHERED \. 
VDATA WRITE POSITION/ 



20, 30 



(CIPHERED DATA WRITE ) 

-C/E- WRITE 2, RESULTANTV- 
V INFORMATION ' 

-R (RESULT OF PROCESS )- 

-C(E READ1. FILE NAME )- 



-R/RESULT, POSITION \ 
V INFORMATION / 



(OPHERED DATA READ ) 
-C(E- READ 2, CIPHERE D 



DATA 



) 



R/RESULT DECIPHERED^ 
' \ DATA r 
ClFILE CLOSE) 



K 



-RIFILE CLOSE RESULT) 



IC CARD DISCHARGE 



RECEPTION OF 
INITIATE 

I 



iPLNVERrnCATION 
REQUEST 



OK 




IN 



CARD AC 
REQUEST 



A- n - g - 

okY 




FILE OPEN REQUEST 



E- WRITE 1 REQUEST 
I 



WRITE PROCESS 



E- WRITE 2 REQUEST 



E- READ 1 REQUEST 



READ PROCESS 



ERE AD 2 REQUEST 



I 



RLE CLOSE REQUEST 



22 




23 




EP 0 330 404 B1 



03 




24 



EP0 330 404 B1 



Fig. 12 



Q E OPEN^ fl 







DOUBLE OPEN 
CHECK 








NO 



OPEN FINISHED 
MEMO ON 



EDIT NORMAL 
RESPONSE 



c 



EDIT ERROR 
RESPONSE 



RETURN 



0 



25 



EP 0 330 404 B1 



Fig. 13 



(e- close)-^ 



B 







DOUBLE CLOSE 
CHECK 








NO 



OPEN FINISHED 
MEMO OFF 



EDIT NORMAL 
RESPONSE 



c 



EDIT ERROR 
RESPONSE 



RETURN 



) 



26 



EP 0 330 404 B1 



Fig. 14 



(e- WRITE C 



OPEN FINISHED 
CHECK 




O K 



NO 



YES 



DATA TITLE 
CHECK 




ADDRESS FIND 
AND CHECK 



FIND CIPHER 
KEY 



CIPHER WRITE 
DATA 



EDIT WRITE 
DATA 



EDIT NORMAL 
RESPONSE 



EDIT ERROR 
RESPONSE 



(^return) 



27 



EP0 330 404 B1 



Fig. 1 5 



(E- WRITE 2yr- D 







E- WRITE ! 
F1NLSHED CHECK 








NO 



RESULTANT 
INFORMATION 

CHECK 




WRITE PROCESS 
NORMALLY FINISH 
MEMO 



WRITE PROCESS 
ABNORMALLY 
FINISH MEMO 



EDIT NORMAL 
RESPONSE 



EDIT ERROR 
RESPONSE 



Q RETURN^) 



28 



EP 0 330 404 B1 



Fig. 16 



(e- READ \ \s~E 







OPEN FINISHED 
CHECK 







O K 



( FILE NAME) 





YES 


DATA TITLE 
CHECK 








/ POSITION 
V INFORMATION 



ADDRESS FIND 
AND EDIT 



EDIT NORMAL 
RESPONSE 



EDIT ERROR 
RESPONSE 



^ RETURN^) 



29 



EP 0 330 404 B1 



Fig. 17 



(e- READ 







E- READ 1 
FINISHED CHECK 








NO 



FIND CIF 

KE> 


'HER 

r 






DECIPHER 
READ DATA 


1 


EDIT R 
DATA 


EAD 



EDIT NORMAL 
RESPONSE 



EDIT ERROR 
RESPONSE 



0 



RETUR 



30 



EP 0 330 404 B1 



Fig. 18 



(e- delete^ g 



OPEN FINISHED 
CHECK 




DATA TITLE 
CHECK 




ADDRESS FIND 
AND EDIT 



DELETE CONTENT 
OF DIRECTORY 



EDIT NORMAL 
RESPONSE 



EDIT ERROR 
RESPONSE 



(^RETURN ^ 



31 



EP 0 330 404 B1 



Fig. I 9 



(VERIFY Y^^ 1 
PIN J 







VERIFY INPUT 
PI N DATA 








EDIT NORMAL 
RESPONSE 



0 



EDIT ERROR 
RESPONSE 



RETURN 



32 



EP 0 330 404 B1 



Fig. 20 



CREATE 
E- FILE 




SYSTEM INFORMATION 
DIRECTORY VALI DITLY 
CHECK 






YES 


CREATE 
VALIDITY 


CHECK 








FILE 

REGISTRATION 



EDIT NORMAL 
RESPONSE 



c 



EDIT ERROR 
RESPONSE 



RETURN 



33 



EP 0 330 404 B1 



Fig. 2 1 



CREATE 
E- DIR 







DOUBLE REGISTRATION 
CHECK 








NO 



CHECK LACK 
OF AREA 




REGISTER TO SYSTEM 
INFORMATION DIRECTORY 



EDIT NORMAL 
RESPONSE 



EDIT ERROR 
RESPONSE 



RETUR n) 



34 



EP 0 330 404 B1 



Fig. 22 



io 



CPU 




IMAM 




% E M A' M 'V/// 
' ' ' ' ' ' ' ' ' / / / / / 






FIRST DIRECTORY 






HISTORY 
DIRECTORY 




■ IMEM 


SECOND DIRECTORY 




HISTORY RECORD 




FORMAT AREA 




» 

.. . , ' [ 




FORMAT AREA 





PASSWORD AREA 




FORMAT AREA 


EM EM 


FORMAT AREA 




1 
i 
i 




FORMAT AREA 



23 

21 

71 

22 

72 
8 

8 

17 
18 



70 



19 



- 18 



35 



EP 0 330 404 B1 



9 - 



Fig. 23 A 



4 

± 



10 



CPU 



IMEM 



IMAM 



EMAM 



MEMORY HISTORY 
DIRECTORY 



S 

S3 



ECTION 



o 
o 
_J 
m 



HISTORY RECORD AREA 



Fig. 23 



Fig.23A Fig.23B 



m 



Bi Si 




Bi S2 




Bi S 3 




Bi S4 










Bn Sm 





k 7 V 



\ 



6 
23 



TO 

Fig.23B 



\ 
\ 
\ 

\ \ 
\ \ 
\ \ 
* \ 
\ \ 
\ \ 
\ \ 
\ \ 
\ 

\ 

\ 

72 \ 



36 




EP 0 330 404 B1 



Fig. 23 B 



\ 1 

rL 



Bi 


Si 

s 2 

S3 

S4 
S m 


" PHOTO- 
- GRAPH 


B2 


Si 

S2 
S3 
S4 
Sm 


VOICE 


DO 


S| 

S2 
S3 
S4 
Sm 


-FINGER 
- PRINT 


B 4 


Si 

S2 
S3 
S4 
Sm 


-S1G- 

- NATURE 


Bs 


Si 

S2 
S3 
S4 
S m 


OVERFLOW 
" DATA 


Bn 


Si 

S2 
S 3 
S4 
Sm 





11' 



FREE 
FORMAT 



37 



EP 0 330 404 B1 



Fig. 24 A 



Fig 24 
Fig. 24A|Fig.24B 



UJ 



M 


EMORY 


HISTORY DIRECTORY 






SECTION 






12 3 4 






1 








2 






o 
o 


3 






1 


4 






CD 


I 
i 








n 






HISTORY RECORD AREA 


«• ■ 


^1 


Si 


READ X| 


Bl 


S2 




Bl 


S3 


WRITE X 


i 

i 




Bn 


Rm 





„5 
71 



1 1 



B, 


Si 


v//////////////////////, 


S2 




S3 




i 




S n 




B 2 


S i 




s 2 




1 
i 
* 




S m 






i 

! 
i 


Bn 


S 1 




S2 




1 
l 
I 




S m 





\ 



\ 




( EMEM ) 



38 



EP 0 330 404 B1 



# 



Fig. 24 B 



BiRt PHYSICAL 
ADDRESS 




( START ) 



T 



READ PROCESS 
RECEPTION 



READ ADDRESS 
SEARCH 



READ PROCESS 
EXECUTION 



READ HISTORY 
RENEWAL 



READ DATA 
NOTIFICATION 



WRITE PROCESS 
RECEPTION 



WRITE PROCESS 
EXECUTION 



WRITE HISTORY 

"tiRENEWAL . 



a ( 



READ COMMAND 
LOGICAL \ 
ADDRESS / 



WRITE ADDRESS | 
SEARCH K 
I 



NOTIFICATION 
"OF RESULT 

_WRITE COMMAND 
/ LOGICAL ADDRESSv 



WRLTE DATA 



WRITE EXECUTION 
NOTIFICATION 

r 



.NOTIFICATION 
OF RESULT 



(end ) 



39 




THIS PAGE BLANK 



